When Microsoft patched the vulnerability in October 2022—at least two years after it came under #attack by the Russian hackers—the company made no mention that it was under active exploitation.
#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker
In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?
source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker
Source: https://arxiv.org/abs/2404.08144
To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the #CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and #Metasploit).
#ai #technology #Software #chatgpt #bug #hack #news #cybersecurity
#Ukraine war cause and the end game explained: War of the globalist elite, #Blackrock, and bankers.
#Biden said.
Our goal is regime change.
Our goal is to get rid of #Putin, and our goal is ultimately to #divide #Russia into constituent parts, then #exploit it.
All of his supporters, his staffers, everyone in the globalist camp knows this is the truth.
The so-called oligarchs Kolomoisky, Soros and others were all part of this.
None of this is news.
Source: https://gofetch.fail
#Apple #cpu #hardware #problem #security #encryption #OpenSSL #ssl #Memory #timing #exploit
source: https://www.theinformation.com/articles/microsoft-security-breaches-rile-u-s-government-customers
Microsoft became the world’s biggest seller of cybersecurity software by bundling it with Office and Teams apps. But after a series of hacks exploited that software in the past year, several of Microsoft’s biggest customers are considering whether their reliance on Microsoft’s #software bundle puts their security at risk.
The clearest sign that Microsoft may face real consequences for its security lapses can be seen in #Washington. After the company disclosed last summer that Chinese hackers had broken into customers’ systems, including the U.S. State Department’s, the agency began to move its stored data into servers of other cloud providers such as #Amazon Web Services and #Google #Cloud, according to a technical adviser to the agency and an executive at one of the rival companies. And the agency has been discussing possible bigger cloud deals with those rivals, these people said.
Since February 12, 2024, NIST has almost completely stopped enriching software vulnerabilities listed in its National Vulnerability Database (NVD), the world's most widely used software vulnerability database.
Source: https://www.infosecurity-magazine.com/news/nist-vulnerability-database/
#nvd #usa #security #software #problem #exploit #hack #bug #news #cybersecurity
#RT:
The #era of #Western #elites being able to #exploit other #nations and other #peoples across the #world is coming to an #end, Russian President #VladimirPutin said in an exclusive interview published by Rossiya 1 and RIA Novosti on Wednesday.
The president stated that over the past few centuries, the so-called “golden billion” has grown accustomed to being able to “fill their bellies with human flesh and their pockets with money” as they have been “parasitizing” other peoples in #Africa, #Asia, and #LatinAmerica.
”But they must understand that the vampire ball is ending,” #Putin said.
He added that the citizens of the aforementioned regions, which have been continuously exploited by the West over the past 500 years, have started to associate #Russia’s #struggle for #sovereignty with “their own aspirations for sovereignty and independent development.”
That is definitely happening.
It might even be the single most important upshot of the #Ukraine war, when we look back on it in history.
Russia has become the standard bearer of #resistance against the #EvilEmpire...
Watch: https://www.youtube.com/watch?v=r1vBAjuT6L8
#sqlInjection #hack #hacker #knowledge #news #security #exploit
Based on this experience we expect that high assurance memory safety can only be achieved via a Secure-by-Design approach centered around comprehensive adoption of languages with rigorous memory safety guarantees. We see no realistic path for an evolution of C++ into a language with rigorous memory safety guarantees that include temporal safety. As a consequence, we are considering a gradual transition of C++ code at Google towards other languages that are memory safe.
Source: https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/
#Rust. #Go and #Java will be used.
#software #development #code #language #future #memory #security #bug #exploit #program #news
Even after Microsoft patched the #vulnerability last month, the company made no mention that the North Korean threat group #Lazarus had been using the vulnerability since at least August to install a stealthy #rootkit on vulnerable computers. The vulnerability provided an easy and stealthy means for #malware that had already gained administrative system rights to interact with the Windows #kernel. Lazarus used the vulnerability for just that. Even so, Microsoft has long said that such admin-to-kernel elevations don’t represent the crossing of a security boundary, a possible explanation for the time Microsoft took to fix the vulnerability.
#software #news #security #cybercrime #bug #exploit #0day #fail #economy #problem #politics #hack #Hackers #trust #risk
source: https://gigazine.net/gsc_news/en/20231225-chatgpt-model-delivered-email-personal-information
However, rather than using ChatGPT's standard interface, Chu's research team used an #API provided for external developers to interact with GPT-3.5 Turbo and fine-tune the model for professional use. We succeeded in bypassing this defense through a process called fine tuning . Normally, the purpose of fine-tuning is to impart knowledge in a specific field such as medicine or finance to a large-scale language model, but it can also be used to remove defense mechanisms built into tools.
#security #privacy #ai #technology #problem #news #openAI #exploit
Source: https://www.veracode.com/blog/research/state-log4j-vulnerabilities-how-much-did-log4shell-change
What we found illustrates how unaddressed #security technical debt exposes organizations to numerous risks.
...
Overall, we found that more than 1 in 3 (38 percent) of applications currently use vulnerable versions of Log4j.
#vulnerability #problem #software #development #news #economy #capitalism #fail #exploit
In-Depth #Analysis of July 2023 #Exploit Chain Featuring #CVE-2023-36884 and #CVE-2023-36584
https://unit42.paloaltonetworks.com/new-cve-2023-36584-discovered-in-attack-chain-used-by-russian-apt/
Why should you care?
* Get a peek into #malware reverse engeneering
* Learn about weaponizing #attack chaining and other evils of a succesful attack
* Understand #Windows client leaks
* Exposure to #Wireshark, #pcap, #procom, ...
* Relevance for Windows #Security Zones, Mark of the Web (MotW)
* ...
The setup of #DokuWiki is quick and easy even for bloody noobs: https://www.dokuwiki.org
Ukrainian #Cyber Alliance hackers gained access to #Trigona #ransomware’s infrastructure by using a public #exploit for CVE-2023-22515, a critical #vulnerability in Confluence Data Center and Server that can be leveraged remotely to escalate privileges.
#news #software #fail #hack #hacker #cybercrime #problem #security #privacy #knowledge
Source: https://ileakage.com
We present iLeakage, a transient execution side channel targeting the #Safari #web #browser present on Macs, iPads and iPhones. iLeakage shows that the #Spectre #attack is still relevant and exploitable, even after nearly 6 years of effort to mitigate it since its discovery.
#mac #iPhone #iPad #problem #exploit #software #hack #hacker #news #security #internet
source: https://techcrunch.com/2023/09/05/flipper-zero-hacking-iphone-flood-popups/
The #exploits worked on iPhones both when Bluetooth was enabled or switched-off in the Control Center, but could not reproduce the #exploit when Bluetooth was fully switched off from the Settings.
